Hey guys,
So I tried the packet filtering rules. The only problem that I see here is the fact that the Packet Filter rules being logged will only show one side of the connection at a time. We would either log the real IP client-side connection or the translated IP server-side connection, but there is nothing there to tie the two together. While we have configured our SNAT to try to maintain the source port of the client, there is a possibility in which that would be impossible, and then the ability to relate the client and server-side connection would be completely lost.
I don't think that this approach would work.
Thanks for the replies and if anybody has another idea I would love to try it out!